Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 26 February 2004.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-16 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-16 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
DETAILED ACTION

1. Claims 1-16 have been examined. 

2. Information Disclosure Statements as received on 12/18/2003 and 3/22/2004 are 
considered. 



Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1-5, 9-13 are rejected under 35 U.S.C. 103(a) as being unpatentable by Singh et 
al., US Patent Number 5,758,083, hereinafter Singh in view of Lee et al, "An expanded 
NAT with server connection ability", TENCON 99., Proceedings of the IEEE Region 10 
Conference, hereinafter Lee. 

5. Referring to claim 1, Singh has taught a computer network comprising: 

a first edge device (Col 22 line 1, first network manager), coupled to a first
physical private network (Col 22 line 1, private network is a network), the first edge
device configured to create a first table with information of member networks reachable
through the first edge device (Col 22 lines 5-7), the first table being stored in a first 
database (Col 22 line 6, the first table must exist, since a table in a database is just blocks 
of memory being occupied, and the information being stored in the database must occupy 
some blocks of memory, which could be viewed as a table); 
a second edge device (Col 22 line 2, second network manager), coupled to a
second physical private network (Col 22 lines 2-3, private network is a network), the 
second edge device configured to create a second table with information of member 
networks reachable through the second edge device (Col 22 lines 7-9), the second table 
being stored in a second database (Col 22 lines 7-9); 

wherein, the first and second edge devices enable secure communication between 
the first and second private networks (Col 8 lines 31-35), and the first edge device shares 
the information of the member networks of the first table with the second edge device 
and the second edge device shares the information of the member networks of the second 
table with the first edge device (Col 22 lines 1-11) 

Singh has not explicitly taught wherein the member networks include a group of 
one or more virtual private networks. 

However, Lee has taught two edge devices (see page 1393 figure 7, NAT routers) 
connecting to a group of one or more VPNs (page 1393 Col 1, lines 16-18 states if two or 
more inter-private network connections using NAT are available, running VPN will also 
be available. Also see the abstract) 

It would have been obvious to a person with ordinary skill in the art at the time 
the invention was made to incorporate the two databases of Singh in Lee such that to 
have member networks include a group of one or more virtual private networks because 
both Singh and Lee teach communications between two edge devices in an inter- 
networking environment. Singh contains an authorization list containing information 
indicating receiving machines are authorized to receive the information (Col 2 lines 15-17),
and Lee discloses that a VPN connection tables contains virtual IP headers to allow
connections (page 1393, Col 1 bottom - Col 2 Top). They are similar in terms of their 
functionality. 

A person with ordinary skill in the art would have been motivated to make the 
modification to Singh because having the VPN connection tables would allow Singh's 
system to authorize receiving devices by their virtual IP. Doing so would make the 
management of network be very easy and also can offer VPN with ease as taught by Lee 
(page 1393, Col 2, conclusion section.) 

6. Referring to claim 2, Singh has further taught the computer network of claim 1, wherein 
the first edge device includes logic for:

receiving a new route information (Col 2 lines 32-35, sender is viewed as first 
edge device, and it filtered event and trap information which is viewed as new route 
information); 

storing the new route information in the first database (this is an inherent feature
according to Col 22 lines 9-11, sender and receiver are sharing the information by
synchronizing the databases, therefore the new route information must be stored in the first
database before being synchronized); and

transmitting a portion of the new route information to the second edge device (Col 
2 lines 44-47, receiver is viewed as the second edge device which receives the filtered 
event and trap information from the sender.) 

7. Referring to claim 3, Singh has further taught wherein the portion of the new route 
information is a route name (Col 22 lines 5-11, topology data in first database is 
considered as new route information, and topology data includes information on
connections between devices in a network which could be viewed as route names.) 

8. Referring to claim 4, Singh has further taught the computer network of claim 2, wherein 
the second edge device includes logic for: 

receiving the portion of the new route information (Col 2 lines 44-47, receiver is 
viewed as the second edge device which receives the filtered event and trap information 
from the sender);

accessing the first database based on the portion of the new route information 
(Col 2 lines 44-47); 

retrieving the new route information from the first database (Col 2 lines 44-47); and

storing the retrieved route information in the second database (this is an inherent
feature according to Col 22 lines 9-11, sender and receiver are sharing the information by
synchronize the databases, therefore after the synchronization is being, the route 
information is being stored in the second database.). 

9. Referring to claim 5, Singh has further taught wherein communication between the first 
and second physical private networks is managed according to a security policy 
associated with the networks (Col 8 lines 31-35.) 

10. Referring to claims 9-13, claims 9-13 encompass the same scope of the invention as that 
of the claims 1-5. Therefore, claims 9-13 are rejected for the same reason as the claims 
1-5. 
11. Claims 6-7, 14-15 are rejected under 35 U.S.C. 103(a) as being unpatentable over Singh,
in view of Hamano, and in further views of Rowe et al., US Patent Number 6,466,941, 
hereinafter Rowe. 

12. Referring to claim 6, Singh as modified has taught an invention as described in claim 5, 
Singh has further taught wherein the security policy is defined for a security policy group 
(Col 8 lines 31-35, distributed network managers is viewed as a security group), the 
security policy group including virtual private networks (Col 22 lines 1-3, first network 
and second network are the member networks since they could communicate to each 
other), a rule controlling access to the member networks (Col 2 lines 15-17, Col 9 lines 
61- Col 10 lines 3.) 

Singh as modified has not taught the security group provides a hierarchical 
organization of groups and users allowed to access the virtual private networks.

However, Rowe has taught a content management tool that provides a hierarchical 
arrangement of data tables (Col 20 lines 39-42) and allowed users to access the system 
(Col 21 lines 7-13.) 

It would have been obvious to a person with ordinary skill in the art at the time 
the invention was made to modify the teaching of Singh such that to have the security 
group provides a hierarchical organization of groups and users allowed to access the 
member networks because both Singh and Rowe have taught invention regarding to 
network database management, and Rowe provides a method of organizing the network 
database. 
A person with ordinary skill in the art would have been motivated to make the
modification to Singh because having a hierarchical arrangement is one of the various
ways to organize the context of a system, Rowe provides the hierarchical to allow user to
have a better visualization with the organized data, which allows users to locate the
information faster and easier. Therefore it would be obvious for Singh to use the
hierarchical arrangement in Singh's system to provide the users an easy and fast way of
locating information. Also, Rowe has taught the limitation of user allowed to access the 
database, this is a well known feature to have only the authorized users to be able to 
access the system in order to provide the security to the system, therefore, it would also 
be obvious for Singh to have users allowed to access the member networks in his 
invention. 

13. Referring to claim 7, Singh as modified has further taught wherein each of the one or 
more virtual private networks has full connectivity with all other virtual networks (Col 22 
lines 1-12, first network and second network has full connectivity with each other) and 
the security policy defined for the security group is automatically configured for each 
connection (Col 17 lines 10-15) 

14. Referring to claims 14-15, claims 14-15 encompass the same scope of the invention as 
that of the claims 6-7. Therefore, claims 14-15 are rejected for the same reason as the 
claims 6-7. 

15. Claims 8 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Singh, in 
views of Lee and Rowe, in further views of Martino Jr. et al., US Patent Number 
5,029,206, hereinafter Martino. 
16. Referring to claim 8, Singh as modified has taught an invention as described in claim 6.
Singh as modified has not taught wherein the security policy provides encryption of 
traffic among the one or more virtual private networks and the rule is a firewall rule 
providing access control of the encrypted traffic among the one or more virtual private 
networks. 

However, Martino has taught encryption of traffic among networks, and rules 
providing access control of the encrypted traffic among the networks (Col 4 lines 27-38.) 

It would have been obvious to a person with ordinary skill in the art at the time 
the invention was made to modify the teaching of Singh in views of Rowe such that to 
have the security policy provides encryption of traffic among the member networks and 
the rule is a firewall rule providing access control of the encrypted traffic among the 
member networks. 

A person with ordinary skill in the art would have been motivated to make the 
modification to Singh in views of Rowe because having encrypted traffic between 
member networks and rules providing access control would enhance the network security 
as taught by Martino. 

17. Referring to claim 16, claim 16 encompasses the same scope of the invention as that of 
the claim 8. Therefore, claim 16 is rejected for the same reason as the claim 8. 

Response to Arguments 

18. Applicant's arguments with respect to claims 1-16, have been considered but are moot in 
view of the new ground(s) of rejection. 
Conclusion

19. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Liang-che Alex Wang whose telephone number is (703) 
305-8159. The examiner can normally be reached on Monday thru Friday, 8:30 am to 
5:00 pm. 

20. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hosain T Alam can be reached on (703) 308-6662. The fax phone numbers
for the organization where this application or proceeding is assigned is (703) 872-9306 
for regular communications. 

21. Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 



Liang-che Alex Wang 
March 30, 2004 



